Published by: api-3726034 on Oct 18, 2008
Copyright: Attribution Non-commercial


CCNP: Implementing Secure Converged Wide-area Networks v5.0 - Lab 3-1
Copyright © 2007, Cisco Systems, Inc
Lab 3.1 Configuring SDM on a Router
Learning Objectives

• Prepare a router for access with Cisco Security Device Manager
• Install SDM onto a PC
• Install SDM onto a router through a Windows host

Topology Diagram

In this lab, you will prepare a router for access via the Cisco Security Device Manager (SDM), using some basic commands, to allow connectivity from the SDM to the router. You will then install the SDM application locally on a host computer. Finally, you will install SDM onto the flash memory of a router.

Step 1: Lab Preparation

Start this lab by erasing any previous configurations and reloading your
devices. Once your devices are reloaded, set the appropriate hostnames.
Ensure that the switch is set up so that both the router and host are in the same
VLAN. By default, all ports on the switch are assigned to VLAN 1.

Ensure that your PC meets the minimum requirements to support SDM. SDM
can be run on a PC running any of the following operating systems:

• Microsoft Windows ME
• Microsoft Windows NT 4.0 Workstation with Service Pack 4
• Microsoft Windows XP Professional
• Microsoft Windows 2003 Server (Standard Edition)
• Microsoft Windows 2000 Professional with Service Pack 4

Note: Windows 2000 Advanced Server is not supported.

In addition, a web browser with Sun JRE 1.4 or later, or an ActiveX-controlled
browser, must be enabled.

Step 2: Prepare the Router for SDM

The Cisco SDM application uses the virtual terminal lines and HTTP server to manipulate the configuration of the device. Since a user must log in to access or change the configuration, some basic commands must be issued to allow remote access.

These are basic IOS commands and are not SDM-specific. However, without these commands, SDM will not be able to access the router, and will not work properly.

First, create a username and password on the router for SDM to use. This login
will need to have a privilege level of 15 so that SDM can change configuration
settings on the router. Make the password argument of this command the last
argument on the line, since everything after the password argument will
become part of the password. The username and password combination will be
used later when accessing the router.

R1(config)# username ciscosdm privilege 15 password 0 ciscosdm

HTTP access to the router must be configured for SDM to work. If your image
supports it (you will need to have an IOS image that supports crypto
functionality), you should also enable secure HTTPS access using the ip http
secure-server command. Enabling HTTPS generates some output about RSA
encryption keys. This is normal. Also, make sure the HTTP server uses the
local database for authentication purposes.

R1(config)# ip http server
R1(config)# ip http secure-server
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
*Jan 14 20:19:45.310: %SSH-5-ENABLED: SSH 1.99 has been enabled
*Jan 14 20:19:46.406: %PKI-4-NOAUTOSAVE: Configuration was modified. Issue
"write memory" to save new certificate
R1(config)# ip http authentication local

Finally, configure the virtual terminal lines of the router to authenticate using the
local authentication database. Allow virtual terminal input through both telnet
and SSH.

R1(config)# line vty 0 4
R1(config-line)# login local
R1(config-line)# transport input telnet ssh
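
A check for the Step 2 prerequisites, added here as an example (it is not part of the Cisco lab): it parses a running-config, reports which of the commands above are missing, and lists the enabled settings that leave credentials unencrypted on the wire or in the config (plain HTTP, telnet, a type 0 password). The function names and the sample config are constructed for illustration.

```python
import re

# Constructed sample: the Step 2 commands as they would appear in a running-config.
SAMPLE_CONFIG = """\
username ciscosdm privilege 15 password 0 ciscosdm
ip http server
ip http secure-server
ip http authentication local
line vty 0 4
 login local
 transport input telnet ssh
"""
USER_RE = re.compile(r"username (\S+)(?: privilege (\d+))? (password|secret) (\d+) ")

def parse_sections(config):
    """Return (top-level lines, {vty header: [sub-commands]})."""
    top, vty, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw[0].isspace():          # new top-level command or section header
            current = line
            if line.startswith("line vty"):
                vty[line] = []
            else:
                top.append(line)
        elif current in vty:              # indented sub-command of a vty block
            vty[current].append(line)
    return top, vty

def audit(config):
    """Return (missing Step 2 prerequisites, cleartext exposures)."""
    top, vty = parse_sections(config)
    users = [m for m in map(USER_RE.match, top) if m]
    required = {
        "privilege 15 local user": any(m.group(2) == "15" for m in users),
        "HTTP(S) server": "ip http server" in top or "ip http secure-server" in top,
        "ip http authentication local": "ip http authentication local" in top,
        "login local on vty": bool(vty) and all("login local" in c for c in vty.values()),
    }
    missing = [name for name, ok in required.items() if not ok]
    # Only an explicit "transport input" line is evaluated; platform defaults vary.
    cleartext = [f"telnet allowed on {h}" for h, cmds in vty.items() for c in cmds
                 if c.startswith("transport input") and {"telnet", "all"} & set(c.split()[2:])]
    if "ip http server" in top:
        cleartext.append("plain HTTP server enabled")
    cleartext += [f"user {m.group(1)} has a type 0 (unencrypted) password"
                  for m in users if (m.group(3), m.group(4)) == ("password", "0")]
    return missing, cleartext
```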

Based on your knowledge of SDM, why do you think these non-SDM-specific
commands need to be entered on the router?

SDM accesses the router using a username and password specified in the
program. Since SDM can potentially change router settings, it needs privileged
access to the router. You enable HTTP so that the router can act as an HTTP
